| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 13.10.2009 | | Source: |  | | | SecurityVulns ID: |  | 10307 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Palm Pre DoS | | Published: |  | 13.10.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10309 | | Type: |  | client | | Level: |  | 4/10 | | Description: |  | Crash on HTML parsing. |
| Microsoft Windows Media Player buffer overflow | | Published: |  | 13.10.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10312 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Buffer overflow on .ASF files parsing. |
| Microsoft Windows LSA DoS | | Published: |  | 13.10.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10317 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Crash on NTLM authentication parsing. |
Microsoft Windows (including Windows 7) SMB2 array index overflow updated since 08.09.2009 | | Published: |  | 13.10.2009 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 10210 | | Type: |  | remote | | Level: |  | 9/10 | | Description: |  | Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing |
| kvm privilege escalation | | Published: |  | 13.10.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10310 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | kvm_emulate_hypercall doesn't filter MMU hypercalls from ring 0. |
| Affected: |  | LINUX : kernel 2.6 | | CVE: |  | CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses.") | | |  | CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.) |
| Microsoft Windows Indexing Service ActiveX memory corruption | | Published: |  | 13.10.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10315 | | Type: |  | client | | Level: |  | 7/10 |
CA Anti-Virus multiple security vulnerabilities updated since 09.10.2009 | | Published: |  | 13.10.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10305 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Multiple vulnerabilities on RAR archives parsing. |
| Microsoft CryptoAPI certificate spoofing | | Published: |  | 13.10.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10314 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Certificate name spoofing with NULL byte. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | |  | MICROSOFT : Windows 7 | | CVE: |  | CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability.") | | |  | CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.) |
Microsoft Windows IIS FTP server buffer overflow updated since 31.08.2009 | | Published: |  | 13.10.2009 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 10193 | | Type: |  | remote | | Level: |  | 8/10 | | Description: |  | Buffer overflow in NLST command. The same vulnerability may be used for stack overflow (stack memory exhaustion) without the need for write access. |
Microsoft Active Template Library (ATL) multiple security vulnerabilities updated since 29.07.2009 | | Published: |  | 13.10.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10106 | | Type: |  | library | | Level: |  | 9/10 | | Description: |  | Memory corruptions, information leak, initialization problem, leading to killbit protection bypass. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability.") | | |  | CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.") | | |  | CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability.") |
| Original document |  | MICROSOFT, Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525) (13.10.2009) |
| |  | IDEFENSE, iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability (20.08.2009) |
| |  | IDEFENSE, iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability (20.08.2009) |
| |  | IDEFENSE, iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability (20.08.2009) |
| |  | MICROSOFT, Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) (11.08.2009) |
| |  | CISCO, Cisco Security Advisory: Active Template Library (ATL) Vulnerability (29.07.2009) |
| |  | CERT, US-CERT Technical Cyber Security Alert TA09-209A -- Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities (29.07.2009) |
| |  | MICROSOFT, Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) (29.07.2009) |
Microsoft Windows Media Runtime multiple security vulnerabilities updated since 13.10.2009 | | Published: |  | 14.10.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10311 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Buffer overflows, memory corruptions. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability.") | | |  | CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability.") |
Microsoft Internet Explorer multiple security vulnerabilities updated since 13.10.2009 | | Published: |  | 14.10.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10313 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Multiple memory corruptions. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | |  | MICROSOFT : Windows 7 | | CVE: |  | CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.) | | |  | CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.) | | |  | CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability.") | | |  | CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability.") |
Microsoft Windows kernel multiple security vulnerabilities updated since 13.10.2009 | | Published: |  | 17.10.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10316 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | Integer overflow, NULL pointer dereference, exception handler vulnerability. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability.") | | |  | CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability.") | | |  | CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability.") |
Quick Heal Antiviral products weak permissions updated since 13.10.2009 | | Published: |  | 16.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10308 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Weak permissions on installation folder. |